With cyber security in the spotlight given recent attacks, insurers need to examine the integrity and safety of the data they have on hand. Kelly Preston, data analytics manager at SilverBridge, investigates the importance of data protection for an insurance company in the digital world.
In the UK, the number of data breaches reported by the insurance sector doubled in 2016. Some of these involved the loss of client data with experts believing that malicious users are more likely to target smaller financial services firms. Given the rise of fintechs in South Africa and other markets, this should give cause for concern. However, this does not mean larger insurance companies can afford to rest on their laurels.
According to a Grand View Research study, the global data protection and recovery solution market is expected to grow from $4,7-billion in 2016 to reach $14,1-billion by 2025. With the growing adoption of cloud computing, decision-makers are increasingly aware of the need to ensure the security of their data (both on-site and in a hosted environment).
Insurance for insurers?
Cyber and data protection insurance have almost become an accepted way to counteract the associated risks (financially if not reputationally) of being compromised. Of course, as with a more traditional disaster recovery and business continuity approach, this insurance does not mean you must adopt an all or nothing approach.
As with anything data-related (when it comes to personal and financial information), much of what should be kept safe is governed by regulation. If an insurer is shown to be remiss in taking the necessary steps to protect data, it could face significant fines, potential downtime, and damage to its brand. After all, would a new client trust an insurer with sensitive data if it recently experienced a breach?
Protection, protection, protection
Data protection should be a priority issue for all insurers who must continually assess and review their existing strategies and compliance measurements. As a first step in this process, they need to understand the legislative environment and how their data is stored given any potential changes to the law. Everything, from what data is collected to how and where it is stored, and who has access to it should come under scrutiny.
At the core, decision-makers need to determine whether the insurer has a basic security foundation in place that encompasses both virtual and real-world components. Things such as perimeter and access security and who has access to servers and sensitive databases should provide the stepping stones for more detailed processes.
An insurer also needs to take a step back and get to grips with the lifecycle of its data. Creating, storing, using, sharing, archiving, and destroying are all elements that will impact the level of data security required and what protection policies should best be applied to it.
Cloud versus hosted
One of the biggest challenges around data protection is the misconception that the cloud is not as secure as on-premise solutions. If anything, solution providers need to take even more steps to ensure data stored in a virtual data centre is protected. Reputationally, if there is a compromise, a provider could potentially face closure due to the damage caused by the attack.
In today’s modern business environment, the discussion should therefore be less on hosted versus cloud and more on making sure all the necessary security steps and policies are put in place to protect data. The risk of attack is simply too significant to ignore this for any length of time.